Merged
8 changes: 3 additions & 5 deletions docs/security/threat-intelligence/notice-about-taxii2.md
Expand Up @@ -12,17 +12,15 @@ description: This article is a product defect notification for missing indicator

## Summary of the issue

We are notifying you of a recently identified issue that affects Sumo Logic’s Threat Intelligence feeds using the TAXII 2.0 protocol. Specifically, URL, domain, and email Indicators of Compromise (IOCs) were not processed and displayed as expected. A customer first reported the issue on June 11, 2025.

Our investigation determined that a processing error in certain non-hash IOCs led to a breakdown in the normalization process, preventing these critical data types from appearing correctly in customer environments.
We are notifying you of a recently identified issue that affects Sumo Logic’s Threat Intelligence feeds using the TAXII 2.0 protocol. Specifically, URL, domain, and email Indicators of Compromise (IOCs) were not processed and displayed as expected. Our investigation determined that a processing error in certain non-hash IOCs led to a breakdown in the normalization process, preventing these critical data types from appearing correctly in customer environments.

If your environment relies on TAXII 2.0-based Threat Intelligence feeds, you may have experienced the following:
* Missing URL, domain, and email IOCs in your threat feeds
* Incomplete detection logic, resulting in gaps in dashboards, threat hunting, and alerting mechanisms that depend on these data types

Our engineering team has traced the issue to a normalization defect in the data processing pipeline, occurring after collection but prior to feed availability.

A fix has been developed and is scheduled for deployment on July 9, 2025. There is no action you or your team needs to take in order to correct this.
A fix has been developed and is scheduled for a rolling deployment starting on July 9, 2025. There is no action you or your team needs to take in order to correct this.

## Important to note
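
Review bot: In the rewritten summary paragraph, the sentence "A customer first reported the issue on June 11, 2025." is dropped, and with it the only date a reader can use to judge how long URL, domain, and email IOCs may have been missing. Together with the new wording "a rolling deployment starting on July 9, 2025", which gives no completion date, the notice no longer bounds the affected period on either side. Consider keeping the report date (or stating when the defect began) and adding when the rollout is expected to finish, so customers know which time range of dashboards, threat hunts, and alerts to re-check.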

Expand All @@ -35,7 +33,7 @@ A fix has been developed and is scheduled for deployment on July 9, 2025. There
To mitigate the risk of future issues, we are implementing the following changes:
* Expanded automated and manual test coverage across all supported threat feed protocols.
* Strengthened validation and normalization processes across the pipeline.
* Continuous monitoring and alerting enhancements to detect processing anomalies earlier
* Continuous monitoring and alerting enhancements to detect processing anomalies earlier.

## Need help or have questions?
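
Review bot: The period added to the last bullet makes this list consistent, but the two bullets under "you may have experienced the following" in the summary section still end without one. Consider punctuating those the same way in this PR so the lists in the file match.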
